Formal Analysis of MCAP Protocol Against Replay Attack

Nashwan, Shadi; Alshammari, Bandar

doi:10.9734/bjmcs/2017/32744

Cited by 8 publications

(9 citation statements)

References 8 publications

(23 reference statements)

Supporting

Mentioning

Contrasting

Order By: Relevance

“…In this section, we apply the BAN logic model [16,35] to examine the freshness and originality of the authentication messages exchanged between the NFC mobile, NFC POS and AuC in the authentication phase. To apply the BAN logic model, the basic notation and believing rules that we will used are listed in the Tabs.…”

Section: Security Verification Using Ban Logicmentioning

confidence: 99%

“…In the mobile payment system, the process of payment can be summarized into the following steps [14][15][16][17][18]: the user places his/her NFC mobile within the range of the intended NFC POS in order to transmit the payment transaction request message; the NFC POS retransmits the transaction to the authentication center (AuC) of the payment serving provider (PSP); the AuC validates the POS NFC and NFC mobile; the AuC sends the transaction payment response message to the NFC POS; the NFC mobile is validated by the NFC POS; and the NFC mobile receives the transaction payment response message from the NFC POS. Upon receiving the response message, the NFC POS is then validated by the NFC mobile in order to complete the transaction.…”

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

Fully Authentication Services Scheme for NFC Mobile Payment Systems

Al-Shammari¹,

Nashwan²

2022

Intelligent Automation &Amp; Soft Computing

Self Cite

View full text Add to dashboard Cite

One commonly used wireless communication technology is Near-Field Communication (NFC). Smartphones that support this technology are used in contactless payment systems as identification devices to emulate credit cards. This technology has essentially focused on the quality of communication services and has somewhat disregarded security services. Communication messages between smartphones, the point of sale (POS), and service providers are susceptible to attack due to existing weaknesses, including that an adversary can access, block and modify the transmitted messages to achieve illegal goals. Therefore, there have been many research proposals in regards to authentication schemes for NFC communications in order to prevent various types of attacks. However, the proposed schemes remain inadequate to secure payment transactions in such systems. In this paper, we propose a fully authentication services scheme for NFC mobile payment systems in order to support a high security level. The proposed scheme has security services, such as a full authentication process, perfect forward secrecy, and simultaneous anonymity of the smartphone and POS. These security services have been validated using the BAN logic model and an automatic cryptographic protocol verifier (ProVerif) tool. A security analysis has clarified that the proposed scheme can prevent various types attacks. A comparison with recent authentication schemes demonstrates that the proposed scheme has an appropriate cost in different sides such as computation, communication and storage space. Therefore, the proposed scheme not only has appealing security features, but can also clearly be utilized in mobile payment systems.

show abstract

Section: Security Verification Using Ban Logicmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

Fully Authentication Services Scheme for NFC Mobile Payment Systems

Al-Shammari¹,

Nashwan²

2022

Intelligent Automation &Amp; Soft Computing

Self Cite

View full text Add to dashboard Cite

show abstract

“…The BAN logic model will be used to ensure that the authentication messages exchanged during the authentication and key agreement stage between the healthcare professional node (Ui), medical sensor node (SNj), and GWN are reliable, original, and up-to-date [9,22,24]. The notation, rules of the model, lists of our authentication goals, idealization of the exchange messages, and assumptions that are used in the verification process are illustrated in Tabs.…”

Section: Validation Using Ban Logic Modelmentioning

confidence: 99%

“…Then, we declared four free names, secret1, secret2, secret3, and secret4, to verify the secrecy of the session key (SJj) that will be established (line 16). Next, we defined eight authentication events that determine the start and end of the authentication processes to check the effectivity of mutual authentication between participants (lines [17][18][19][20][21][22][23][24]. Finally, we declared eight queries to verify whether our authentication scheme could satisfy the session key secrecy and mutual authentication (lines 25-32).…”

Section: Table 6: Initial Assumptionsmentioning

confidence: 99%

Secure and Anonymous Three-Factor Authentication Scheme for Remote Healthcare Systems

Alanazi¹,

Nashwan²

2022

Computer Systems Science and Engineering

Self Cite

View full text Add to dashboard Cite

Wireless medical sensor networks (WMSNs) play a significant role in increasing the availability of remote healthcare systems. The vital and physiological data of the patient can be collected using the WMSN via sensor nodes that are placed on his/her body and then transmitted remotely to a healthcare professional for proper diagnosis. The protection of the patient's privacy and their data from unauthorized access is a major concern in such systems. Therefore, an authentication scheme with a high level of security is one of the most effective mechanisms by which to address these security concerns. Many authentication schemes for remote patient monitoring have been proposed recently. However, the majority of these schemes are extremely vulnerable to attacks and are unsuitable for practical use. This paper proposes a secure three-factor authentication scheme for a patient-monitoring healthcare system that operates remotely using a WMSN. The proposed authentication scheme is formally verified using the Burrows, Abadi and Needham's (BAN) logic model and an automatic cryptographic protocol verifier (ProVerif) tool. We show that our authentication scheme can prevent relevant types of security breaches in a practical context according to the discussed possible attack scenarios. Comparisons of the security and performance are carried out with recently proposed authentication schemes. The results of the analysis show that the proposed authentication scheme is secure and practical for use, with reasonable storage space, computation, and communication efficiency.

show abstract

“…Table 1 presents the key hierarchy of the Extended Authentication and Key Agreement protocol (EPS-AKA) deployed in the LTE networks. The authors in [15] elaborate that the root key (K) is utilized by the UE and the HSS to derive both Cipher key (CK) key and Integrity key (IK) key. Upon completion of mutual authentication between the UE and the HSS, the UE and the HSS derive the local root key, K ASME , by binding both CK and IK with MME identity to the key derivation function (KDF).…”

Section: Related Workmentioning

confidence: 99%